All posts by Bobby Hellard

WordPress plugin exploit puts over 90,000 sites at risk

Bobby Hellard

14 Oct, 2021

Researchers have unearthed a series of vulnerabilities that could have compromised thousands of WordPress websites.

Potentially exploitable bugs were found in the Brizy Page Builder, a WordPress plugin that is installed across more than 90,000 websites, according to security firm Wordfence.

The company’s Threat Intelligence team reported the issues in August and a fix was released shortly afterwards, but it’s likely that a number of installations still remain unpatched. If exploited, it could allow attackers to execute “complete site takeover” and add malicious code to existing posts.

The vulnerabilities could also allow for any registered user, including subscribers, to pass as an administrator, where they could modify posts and pages, even if they had already been published on a site.

The Wordfence’s Threat Intelligence team said it stumbled upon the vulnerability while conducting a routine review of the Wordfence firewall in July. It said the plugin “did not appear” to be under active attack, but they were led to believe that there was something amiss following “unusual traffic”.

“The unusual traffic led us to discover two new vulnerabilities as well as a previously patched access control vulnerability in the plugin that had been reintroduced,” Wordfence wrote in a blog post. “Both new vulnerabilities could take advantage of the access control vulnerability to allow complete site takeover.”

A patched version of the Brizy Page Builder plugin, was released on 24 August, just a few days after Wordfence disclosed the vulnerability. Wordfence “strongly recommends” users update to the latest version of the Brizy Page Builder (2.3.17) as soon as possible.

Google Cloud reveals edge-focused Distributed Cloud portfolio

Bobby Hellard

13 Oct, 2021

Google Cloud has announced a distributed cloud portfolio of fully managed hardware and software services that can be accessed from the edge or a customers’ data centre. 

The new portfolio was one of the biggest announcements to come from the first day of Google Cloud’s virtual Next 21 conference on Tuesday.

The Google Distributed Cloud has been built on Anthos and is aimed at businesses that need to migrate or modernise applications or process data locally with Google Cloud products, whether that’s databases, machine learning (ML) or even third-party services from other leading vendors

It can run across multiple locations, according to Google Cloud, including Google’s network edge, operator edge, customer edge and also customer data centres. The first products to be announced within this portfolio were Google Distributed Cloud Edge and Google Distributed Cloud Hosted.

The latter is designed to run sensitive workloads and doesn’t require a connection to Google Cloud at any time in order to manage infrastructure, services or APIs. It simply uses a local control portal that’s managed in Google’s Anthos, and will be available in preview during the first half of 2022.

“Our goal is to make your journey to the cloud easy,” Sachin Gupta, the GM and VP of product for IaaS at Google Cloud, said. “With transformative capabilities to help you innovate faster and save money, we follow an open approach to give you the greatest flexibility and choice as your organisation evolves.” 

Elsewhere, the cloud giant also unveiled data-centric updates such as Vertex AI Workbench, a unified service to build and deploy ML models faster to accelerate time-to-value. The company also revealed an autoscaling and serverless service in partnership with ‘Spark’. Available now in preview, it aims to enable customers to get started in seconds and scale infinitely, regardless if they start in BigQuery, Dataproc, Dataplex or Vertex AI. 

There were also multiple announcements around sustainability, such as Carbon Footprint Reporting, which provide actionable reports of the carbon footprint associated with a customer’s Cloud usage. Google Earth Engine, which will become available for select enterprise customers, lets organisations combine the power of cloud computing, satellite imagery and AI to decarbonise their operations.

What’s more, Google Cloud will also proactively alert customers of all idle cloud instances and their associated carbon footprints with Carbon Reduction Recommendations. If customers choose to delete them, they’ll reduce their cloud carbon footprints.

Amazon relaxes remote working policy under new CEO

Bobby Hellard

12 Oct, 2021

Amazon CEO Andy Jassy has announced that the decision to return to office will be left to the directors of individual teams. 

The tech giant had previously said it wanted staff in the office three days a week, a policy that was announced shortly before Jassy took over from Jeff Bezos in July.

Those plans were pushed back to 2022 due to the spread of COVID across the US. However, in a message to employees, Jassy said he acknowledged that due to uncertainty and different circumstances, decisions on whether to return to the office would now be made on a team-by-team basis at a director level.

“​​First, none of us know the definitive answers to these questions, especially long term,” Jassy said in a statement. “Second, at a company of our size, there is no one-size-fits-all approach for how every team works best. And third, we’re going to be in a stage of experimenting, learning, and adjusting for a while as we emerge from this pandemic. All of this led us to change course a bit.”

Last week, the new CEO told a crowd at the GeekWire Summit in Seattle that the company could do more to treat employees better, specifically calling out the company’s approach to the pandemic as something where it “fell short”. 

Instead of specifying the number of days in office, corporate roles will have their working from home allowance decided by a team director. As such, Jassy said that Amazon expects teams to still continue working “mostly” remotely, while others will form some combination of home and in office. He also suggested that there will be those that chose to come into the office every day. 

“We’re intentionally not prescribing how many days or which days – this is for directors to determine with their senior leaders and teams,” Jassy added. “The decisions should be guided by what will be most effective for our customers; and not surprisingly, we will all continue to be evaluated by how we deliver for customers, regardless of where the work is performed.”

Similarly, Google also recently extended its remote working plans into 2022, saying it would wait for a clearer picture of the pandemic in the US before it made a final decision. 

EU opens Microsoft Teams probe following Slack complaint

Bobby Hellard

12 Oct, 2021

Antitrust regulators from the European Commission (EC) are reportedly asking Microsoft’s rivals if Teams has more market clout because it is bundled in with the company’s popular Office suite of services. 

The EC appears to be following up on a complaint by Slack with a questionnaire, seen by Reuters, that has been sent to Microsoft’s rivals.

Slack’s complaint was formally filed more than a year ago and accused Microsoft of “illegally” bundling the Teams app into its market-dominant productivity suite. The communications platform argued that this hampers competition because it is unremovable from the software suite, essentially forcing the app upon users. 

At the time, Slack said it was confident of the “merits” of its own product, but said it couldn’t ignore the “illegal behaviour” that deprives customers of access to the tools and services they want. The company said it simply wanted fair competition and asked the EC to be a neutral referee in a legal culmination of a very long tit-for-tat war between the two companies.

The EC had been very quiet on the subject, only confirming that it had received a complaint back in June, although according to the questionnaire seen by Reuters, it is looking at the market from 2016 to 2021. This would cover a year before Teams was launched (2017) and the four years after where it has rapidly grown.  

The Commission is reportedly asking if bundled products give companies access to data that could increase their market power and make it harder for rivals to compete, and is also keen to hear about the barriers to entry and expansion in the workplace apps market. What’s more, participants were asked for a list of customers who have switched to Microsoft Teams or its bundled Office package. 

Slack, which is a much older platform, has always maintained that Teams was a “poor copy” of its product and its CEO Stewart Butterfield has made various comments to that effect. Microsoft has not engaged in the war of words as much, but it has previously been fined by the EC for cases that involve tying services in other practices.  

Facebook blames faulty configuration change for hours-long outage

Bobby Hellard

5 Oct, 2021

A faulty configuration change has been blamed for taking Facebook, WhatsApp and Instagram offline for more than six hours on Monday night. 

The social network’s engineering team said that the changes affected the routers that coordinate the platform’s network traffic between its data centres. This, they said, caused a “cascading effect” on the way its data centres communicate, bringing all of the company’s services to a halt. 

“Our services are now back online and we’re actively working to fully return them to regular operations,” the company said in a blog post. “We want to make clear at this time we believe the root cause of this outage was a faulty configuration change. We also have no evidence that user data was compromised as a result of this downtime.”

In order to remedy the issue, Facebook sent engineers to one of its main data centres in California, according to The New York Times, suggesting it couldn’t be fixed remotely. It was also reported that the outage prevented staff from accessing company buildings and conference rooms with their badges.

The incident caught the attention of internet giant Cloudflare, which initially assumed something was wrong with its own DNS servers. However, after an investigation, engineers realised something more serious was happening, and reported in a blog that “social media quickly burst into flames.”

“Facebook and its affiliated services WhatsApp and Instagram were, in fact, all down,” Cloudflare said. “Their DNS names stopped resolving, and their infrastructure IPs were unreachable. It was as if someone had ‘pulled the cables’ from their data centres all at once and disconnected them from the Internet.”

The issues were down to BGP – the Border Gateway Protocol – which is a mechanism that exchanges routing information between autonomous systems on the web. The bigger versions of these make the internet work and have constantly updated lists for the possible routes of traffic, according to Cloudflare. 

“The Internet is literally a network of networks, and it’s bound together by BGP,” the firm said in its blog. “BGP allows one network (say Facebook) to advertise its presence to other networks that form the Internet. As we write Facebook is not advertising its presence, ISPs and other networks can’t find Facebook’s network and so it is unavailable.”

Google Cloud confirms Intel Ice Lake processor support for N2 VMs

Bobby Hellard

30 Sep, 2021

Google Cloud has announced that its Compute Engine N2 virtual machines (VMs) will be available with Intel’s 10 nanometer Ice Lake Xeon processors.

There’s no specific date for the release, but Google now joins a list of companies that includes Amazon, Microsoft, and Oracle, which are set to use the latest generation of Xeon Scalable chips for their cloud services.

Google claims that using the 10nm chips in the N2 VMs will offer a 30% boost in price-performance compared to the previous generation of Xeons. The current version of N2 uses Intel’s 14nm second-generation processors, known as Cascade Lake.

The new N2 VMs will be offered at the same price as the existing Cascade Lake N2, and their usage can be discounted using existing N2 committed use discounts, according to Google.

The news comes just two weeks before Google Cloud Next, the cloud giant’s annual conference, where more details of the announcement will likely be shared. This is somewhat behind the rest of the industry, however, with Amazon, Microsoft, and Oracle all confirming support shortly after Intel officially revealed Ice Lake in April.

Google’s N2 will be available in preview early in the fourth quarter of 2021 in the US, Europe, and Southeast Asia, while availability in additional Google Cloud regions, in line with current N2 machine family regions, is planned for “the coming months”, the tech giant said.

The Ice Lake-N2 VMs have already been used by select customers, such as e-commerce firm Shopify, which used them to increase performance and reduce response times for its applications.

“With Google Cloud’s new N2-Ice Lake VMs, we were able to achieve improvements on all these areas,” said Justin Reid, senior staff engineer at Shopify. “We were able to achieve over 10% performance improvements for one of our compute-intensive workloads by running on the new N2 Ice Lake VMs and also achieve lower request latency for our users as compared to previous generation N2 Cascade Lake VMs.”

A third of businesses plan to set to spend $1 million on AI by 2023

Bobby Hellard

29 Sep, 2021

A third of organisations with plans to adopt artificial intelligence (AI) have said they will invest $1 million or more into the technology over the next two years. 

That’s according to Gartner’s annual Emerging Technology Product Leaders survey, where the majority of respondents (87%) predict industry-wide funding for AI increasing at a “moderate to fast pace” throughout 2022.

The survey was conducted between April and June of this year with 268 respondents from China, Hong Kong, Israel, Japan, Singapore, the UK and the US. Respondents were required to be involved in their organisation’s portfolio decisions when it comes to emerging technology and to work at an organisation in the high-tech industry with enterprise-wide revenue for fiscal year 2020 of $10 million or more.

AI seems to be the priority for most, with an average planned investment of $679,000 in computer vision over the next two years. Compared with other emerging technology areas, such as cloud and IoT, AI technologies had the second-highest reported ‘mean funding’ allocation. 
“Rapidly evolving, diverse AI technologies will impact every industry,” said Errol Rasit, managing vice president at Gartner.

“Technology organisations are increasing investments in AI as they recognise its potential to not only assess critical data and improve business efficiency, but also to create new products and services, expand their customer base and generate new revenue. These are serious investments that will help to dispel AI hype.”

Just over half of the respondents reported significant customer adoption of their AI-enabled products and services. 41% per cent of the respondents also cited AI emerging technologies as still being in development or at early adoption stages, suggesting there is a wave of potential adoption as new or augmented AI products and services are set to enter general availability.

The report is in contrast to another Gartner report from earlier in September, which highlighted the lack of talent the UK is currently facing and the barriers it could create for businesses adopting emerging technology. 

The perceived lack of talent was cited as the leading factor inhibiting adoption for six technology domains: compute infrastructure and platform services, network, security, digital workplace, IT automation and storage and database.  

Cloudflare takes aim at “exorbitant” AWS fees with R2 storage service

Bobby Hellard

29 Sep, 2021

Internet giant Cloudflare has made a bold pitch for enterprise customers with its new R2 object storage service. 

Cloudflare claims the selling point of R2 is that it comes with no “outrageous” charges for migrating data to external services, pitting it directly against Amazon’s dominant S3 service. 

R2 Storage is designed for the edge, according to Cloudflare, and offers customers the ability to store large amounts of data and extract it for no additional cost. 
In order to build websites and applications, developers need to store photos, videos, and graphics in easily accessible places, but that can become an expensive problem over time. AWS S3 is well known for its “egress” charges that can result in hefty bills over time, and Microsoft Azure and Google Cloud also implement similar fees for data migration.

However, both Azure and Google Cloud offer substantial discounts for their mutual Cloudflare customers, according to a Cloudflare blog from July.

Increasingly egregious bandwidth pricing has made cloud storage an expensive headache for some developers, and eventually leads to vendor lock-in, according to Cloudflare. As such, the company is making it its mission to heIp build a better internet by focusing on making it faster, safer, and also more affordable for everyone.

“Since AWS launched S3, cloud storage has attracted, and then locked in, developers with exorbitant egress fees,” said Matthew Prince, co-founder and CEO of Cloudflare. “We want developers to keep developing, not worrying about their storage bill. 

“Our aim is to make R2 Storage the least expensive, most reliable option for storing data, with no egress charges. I’m constantly amazed by what developers are building on our platform, and look forward to continued innovation as we expand the tools they have access to.”

As well as entering the enterprise storage business, Cloudflare this week also announced its first foray into the email security industry.

Google Cloud to lower its marketplace fees

Bobby Hellard

27 Sep, 2021

Google Cloud plans to reduce the amount of revenue it keeps when customers buy software from other vendors via its cloud marketplace. 

The cloud arm of the tech giant is cutting fees it takes from 20% to just 3%, according to CNBC sources. 

The company has confirmed it is planning to make a change to its marketplace revenue fees but said it isn’t yet ready to release the exact figures. However, it’s the latest in a series of efforts under CEO Thomas Kurian to make Google a bigger player in the cloud services industry in a bid to catch the likes of AWS and Microsoft Azure. 

The fees that large tech firms charge for selling on their platforms have been under heavy scrutiny of late, whether that’s consumer apps or business products. Some tech giants have been forced to revisit their fees due to regulatory action; Apple, for example, recently reduced the percentage it takes from app developers that sell apps from its Play Store, following its court battle with Epic Games.

However, Google Cloud’s planned reduction is about attracting more companies to its marketplace and, ultimately, boosting its competitive advantage. 

“Our goal is to provide partners with the best platform and most competitive incentives in the industry,” a Google Cloud spokesperson told CloudPro. “We can confirm that a change to our Marketplace fee structure is in the works and we’ll have more to share on this soon.”  

Google Cloud, is still an unprofitable segment of the Alphabet business, according to its most recent earnings report, but it has made changes under Kurian to enable future growth, according to Forrester cloud analyst Tracy Woo.

“Thomas Kurian brought to Google what they needed, which is more enterprise experience,” Woo tells CloudPro. “He very quickly built out their vertical-specific solutions which is something that other cloud providers are doing as well. This was a good move as it will likely help lower the barrier to adoption by some of the major enterprises. They’ve also very aggressively pursued the hybrid cloud space both in services as well as in management. It’s been an important area that still has no ‘killer app’ and if they’re successful can help them to win more of the market share.

“Other areas that he’s helped streamline are its sales teams and process to require less overhead and approval to provide customers with better pricing or discounting. And within his time there he’s managed to grow the cloud business revenue. Culturally, there may have been concerns about Kurian being not ‘Google’ enough but his presence has shown to have a positive impact on the organisation.”

Google Cloud targets larger market share with engineering reshuffle

Bobby Hellard

16 Sep, 2021

The engineering teams at Google Cloud are set to be shaken up in a bid to improve the company’s standing in the wider market.

The organisation’s CEO, Thomas Kurian, alluded to a number of technical leadership changes, in an internal email seen by CNBC.

It includes the replacement of engineering lead Eyal Manor, a 15-year Google veteran who was a key part of developing a number of the firm’s cloud products, such as Anthos. Manor is not entirely leaving Google, however, as the emails suggest he will look for another role within the company.

Google Cloud will be replacing Manor with Brad Calder, the company’s current VP of engineering of technical infrastructure, but in a more expansive role that will also oversee security and data analytics, according to CNBC sources.

Calder will report directly to Kurian, according to the CEO’s email, as the change will allow the technical teams to “work more closely” with the Cloud leadership team, as well as Google CEO Sundar Pichai and the wider Google leadership team, on its longer-term strategy.​​

Kurian added that Calder’s 15-years of cloud experience meant he had the “proven expertise” to take on a broader role at the company and shape its entire strategy.

Google Cloud and its technical infrastructure business have more than doubled in the past few years, according to Kurian’s email, which also said: “the demands of shaping long-term strategy while focusing on day-to-day operations have continued to accelerate. As a result, we felt that it was the right time to unify the broad portfolio under Brad Calder.”

The changes are thought to be about improving Google’s chances in the hotly contested cloud services market. The company currently has a 10% share, according to analyst Synergy, far behind both Amazon Web Services (33%) and Microsoft (20%).

“We have an enormous opportunity to continue to grow the business by expanding our total addressable market in new ways,” Kurian said in his email. “As the market changes, the needs of our products continue to evolve, and it’s important that we evolve our organisation to support this growth.”